Penetration Testing mailing list archives

RE: Extreme Networks password hash

From: Alexander Sandström Krantz A <alexander.a.sandstrom.krantz () ericsson com>
Date: Mon, 21 Apr 2008 08:51:19 +0200

Thank you for all your help, it's appreciated!

Adding $1$ to the hashes before running JtR works perfect, just didn't know
that you had to do that (but I should probably have been able to guess that
by looking at /etc/shadow or such).

Cheers,
Alexander

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of razi garbie
Sent: den 18 april 2008 08:44
To: Alexander Sandström Krantz A
Cc: pen-test () securityfocus com
Subject: Re: Extreme Networks password hash

Hey,

I do recognize the hash but cant point out which it is..
However, you could try john the ripper against it, in most cases JTR tells
you what hash is used.

// Good luck, RG

2008/4/17, Alexander Sandström Krantz A
<alexander.a.sandstrom.krantz () ericsson com>:

Hi!
 I'm interested in finding out what kind of hash Extremeware (v 7.7) 
uses to  encrypt user passwords. The reason is that I'm trying to find 
out how to  perform a (dictionary or bruteforce) password attack 
against an Extreme  Networks switch. I could use Medusa or THC-Hydra 
to perform a remote attack,  but I would like to avoid it if it's not 
necessary because of the performance  drawbacks.

 I've read through the documentation provided by Extreme, but found 
nothing. I  know that to set up the admin account with an empty 
password, and create an  account "user", also with an empty password, 
the following configuration is
 used:

 ---------------------------------------
 configure account admin encrypted
 452tVo$nEbHpfJFTUGyBrqmtY8q3.
 452tVo$nEbHpfJFTUGyBrqmtY8q3.
 create account user "user" encrypted "yN/tVo$ARBcY8KlQBq.lvJg2nc5F."
 --------------------------------------

 As these commands contain different hashes, even though both users 
are given  emtpy passwords, I guess the hash is salted. From the 
length I also guess that  it's SHA224, but that is a complete guess as I

really have no idea.


 Does anyone know about the kind of hash used, or recognize the ones 
in the  configuration? If you do, would you happen to know any tool 
that can perform  an attack against this kind of hash?

 Cheers,

Alexander


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Attachment: smime.p7s
Description:

Current thread:

Extreme Networks password hash Alexander Sandström Krantz A (Apr 17)
- Re: Extreme Networks password hash RB (Apr 18)
- Re: Extreme Networks password hash Marco Ivaldi (Apr 18)
- Re: Extreme Networks password hash Peter Kosinar (Apr 18)
- Re: Extreme Networks password hash Tim (Apr 18)
  - DoS Tool Baykal, Adnan (CSCIC) (Apr 23)
    - Re: DoS Tool Razi Shaban (Apr 23)
- RE: Extreme Networks password hash Jean-Paul Eklo (Apr 18)
- Re: Extreme Networks password hash razi garbie (Apr 18)
  - RE: Extreme Networks password hash Alexander Sandström Krantz A (Apr 21)